package cn.tedu.springboot.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

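/**
 * Demo showing how a parameterized query ({@link PreparedStatement}) prevents SQL injection.
 *
 * <p>The SQL text is a fixed string containing only {@code ?} placeholders. The classic
 * injection payload {@code ' or '1'='1} is supplied through {@code setString}, so the driver
 * treats it as a literal value for the {@code name} column instead of as SQL syntax. The row
 * is reported as present only if a {@code name} literally equal to that string exists for
 * {@code id = 1}.
 *
 * <p>Points to keep in mind when reusing this pattern:
 * <ul>
 *   <li>Placeholders bind values only. Table names, column names and {@code ORDER BY}
 *       directions cannot be bound and must be chosen from a fixed allow-list.</li>
 *   <li>The protection holds only while the SQL text itself is constant. Concatenating input
 *       into the string passed to {@code prepareStatement} reintroduces the injection.</li>
 *   <li>NOTE(review): MySQL Connector/J builds prepared statements client-side unless
 *       {@code useServerPrepStmts=true} is set. Values are still escaped as literals, but
 *       confirm the connection character encoding matches the server's.</li>
 * </ul>
 */
public class TestSelect3 {
    /**
     * Connects to the local {@code tedu} database, runs the parameterized lookup and prints
     * whether a matching row exists.
     *
     * @param args unused
     * @throws Exception if the connection cannot be opened or the query fails
     */
    public static void main(String[] args) throws Exception {
        String url = "jdbc:mysql://localhost:3306/tedu?useUnicode=true&characterEncoding=utf8&serverTimezone=Asia/Shanghai";
        // Demo-only credentials for a local database. Real code should load them from
        // configuration or a secret store and connect as a least-privileged account, not root.
        String user = "root";
        String pwd = "root";

        // Query shape with legitimate values:
        //   SELECT id,name FROM location WHERE id = 1 AND name = '北京'
        String sql = "SELECT id,name FROM location where id = ? AND name = ?";

        // try-with-resources closes rs, ps and conn in that order even when a statement
        // throws; the original closed them only on the success path and leaked on error.
        try (Connection conn = DriverManager.getConnection(url, user, pwd)) {
            System.out.println("连接成功~~");
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setInt(1, 1);
                // Injection payload passed as data: bound as one string literal, never parsed as SQL.
                ps.setString(2, "' or '1'='1");
                try (ResultSet rs = ps.executeQuery()) {
                    System.out.println(rs.next() ? "记录存在!" : "记录不存在!");
                }
            }
        }
    }
}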

